Security

General discussion

Trojan or Spyware?

I started having some problems with my laptop - Outlook failed with no meaningful error message. The problem started around the time a friend sent me a copy of system information so I could try and resolve a USB issue he has. The email contained a java script to access an email service. Saved the text file with system info and deleted the message.

I decided to fix the Outlook issue and went hunting for the error log. What I found was a program folder called Motive with a bunch of log files and an application motmon.exe in it. Log file time stamps matched my failure. Motmon is apparently part of Dell Resolution Assistant, known to cause problems, and no longer used by Dell. Looking in the log files, I find all sorts of info about where I have been and what I have done. Since I don't save browser history and clean out cookies and temp folders, it was a surprise.

Hunting for info on the log files, I did a search by file name and got a single result. This was to a user account record. The account name is that of my friend, and the record shows what appears to be my directory including these Motive logs.

All Comments

continued

I don't recognize the site, and moving back along the URL I lose access. Going straight to the home page, it is some kind of tech support site but the links offer no access and the services are not listed.

I try the other log files in motive, and the search again returns the same spot with my friend listed as the account owner.

Dell support isn't. The Motmon software firm has no technical info on their site, only that they do CRM. All reference to motmon.exe stops at telling me it's not necessary and can be uninstalled, but no info on the logs or what happens with them.

I am thinking trojan or spyware on my system. A call to the referenced site contact info only gets me a recorder and no call back.

It was a bad program.

Quite intrusive, as you have found out. I was curious as to whether someone had crafted it into a malicious snoop program (it could be described as factory spyware) but didn't find anything at my usual haunts.

Just a guess, but since it was buggy to begin with and crashed stuff, it's probably not the best for a trojan base. Ideally you would want something that gave no indication it was there, although using a "factory spyware" might be attractive to get past the usual AV shields.

Anyway, I don't think there is anything you don't know here, but maybe it will at least get some recognition for your problem :)

No fool like an old fool

I thought there might be some more input, but apparently not. Turns out the link was legit - an actual person getting a backup service from a company. Pure coincidence that he has the same name as my friend. Strange that it was the only link that showed up with the search by file name.

As for directory looking like mine - the backup was on a Dell, and only showed files that had changed. These were the Dell installed c:\Program\Motive\ log files generated by Dell Resolution Assistant. That is why the directory looked so familiar.

This one goes in the file with other bizarre problems I have encountered:

- the system jamming caused whenever a specific reconnaissance operator went to the head on a particular aircraft - he insisted on carrying the large oxygen bottle and when he hung it up on the rack it pressed a cable out of its back shell until he picked it back up.
- the power supply that would not start on only one of 18 aircraft unless the console controls were connected using the mockup cable - a 2 inch difference in cable length caused the control voltage to drop below the usable minimum.
- the extra characters that intermittently appeared on the bank system when a specific admin was using the terminal - caused by her natural endowments pressing down keys when she reached to answer the telephone.
- the "network down error" message that put bank management in crisis mode for two weeks - caused by poorly written error messages that showed "network down" for any error external to the mainframe application, in this case a loose printer cover.
- the engineering system that crashed whenever and only when a particular user logged in on a particular console and pulled up a particular part - the combination of his user ID plus the terminal ID plus the part code spoofing the loop back tone on the analog modem line to the data center.

"Network Down" Error

Reminds me of my frustration at the generic "disabled by administrator" messages within MS (and others).

Why is it that when I get an error message saying the "network is down" it makes me attempt to explore or call the admin rather than stop working? When I see "disabled by your administrator" I immediately think it is a way to protect my ability to work efficiently rather than immediately running to the lunch room to talk about ways the function I couldn't get to might be an impediment to my work in some possible scenario that has never existed?

I'm glad you figured out the problem, at least you don't have to wonder now :) When I suspect malicious possibility I check new order, bugtraq, security focus and the like. If it is around, or soon to be around, it usually shows up in a search of the forums IME. :)

Right

I rarely panic. However, when the only reference takes you to an account page, and the name is not just a friend but someone you just received some data from, it just seems too coincidental.

That network down error was classic - system had been operational for about 15 years. All other data seemed to point to a problem with the Federal Reserve section, hence the crisis mode. I discovered it only because I had to hang around waiting for security to open a communications closet for me. While waiting, one of the guys in that department asked if anyone was going to fix that printer now that my company was taking over IT. He showed me how it was falling apart, and as he did the data center paged me to let me know they had another network down message.
